Attorney Docket No. PNL21348 

Amendments to the Claims : 

1. (Currently Amended) In a transaction involving a disclosure of confidential 
information by first parties to second parties, requiring the second parties to have adopted 
[[adopt]] security measures with respect to the handling of the information and periodically 
respond to requests of the first parties for assurances of the adoption, implementation and 
observance of the security measures by the second party , a method for providing [[the]] such 
assurances to the first parties, comprising: 

arranging by a third party with a selected number of the second parties to acquire, 
compile and store in a database of said third party , information regarding the adoption, 
implementation and observation of security measures for each of the selected number of second 
parties; 

arranging by said third party with a selected number of the first parties subscription 
services providing the selected number of first parties with assurances of the security measures 
of the selected number of second parties upon request; and 

providing by said third party the assurances of the security measures of the selected 
number of second parties to the selected number of first parties upon request. 

2. (Currently Amended) The method according to claim 1 further including 
updating the security measures information stored in the database of said third party for each 
second party periodically. 

3. (Currently Amended) The method according to claim 1 further including 
updating the security measures information stored in the database of said third party upon a 
notification by a respective second party and verification by a third party. 

4. (Currently Amended) The method according to claim 1 wherein the acquisition, 
compilation and storage of the security measures information of the selected number of second 
parties by said third party is performed at no cost to the selected number of second parties. 

5. (Currently Amended) The method according to claim 1 including rendering the 
subscription services of said third party for a fee. 

6. (Currently Amended) The method according to claim 1 further including 
providing by said third party a rating for each second party based upon a type of the confidential 
information and the security measures of the vendor. 
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7. (Currently Amended) The method according to claim 1 further including 
providing a rating by said third party for each second party based upon the security measures of 
the second party. 

8. (Currently Amended) A method for providing security information on a plurality 
of vendors to a plurality of clients, comprising: 

providing an assessment of security procedures adopted, implemented and observed for 

each of the plurality of vendors by a third party ; 

storing each assessment in a vendor security database by said third party ; and 

providing access by said third party to the vendor security database to each client to allow 

each client to review the plurality of assessments. 

9. (Original) The method according to claim 8 wherein the assessment is provided 
at cost to the vendor. 

10. (Previously Presented) The method according to claim 8 wherein the assessment 
is provided for a fee to the vendor. 

1 1 . (Original) The method according to claim 8 wherein the assessment is provided 
at no cost to the vendor. 

12. (Previously Presented) The method according to claim 8 wherein the access 
provided to each client is pursuant to the rendering of subscription services for a fee. 

13. (Original) The method according to claim 8 wherein the assessment is updated 
periodically. 

14. (Previously Presented) The method according to claim 8 wherein the assessment 
is updated whenever the vendor updates its security procedures, the updates are verified and 
provided to the database. 

15. (Original) The method according to claim 8 wherein each assessment comprises 
one or more of SAS70 reports, Penetration Reports, Information Security Policies, Computer 
Incident Response Policies, DR Plans, Business Resumption Plans, Insurance Coverages, 3 rd 
Party Vendor Management Policies & Programs and Annual Financial Reports. 

16. (Original) The method according to claim 8 further including providing a rating 
for each vendor based upon a type of information to be protected and the security procedures of 
the vendor. 
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17. (Original) The method according to claim 8 further including providing a rating 
for each vendor based upon the security procedures of the vendor. 

18. (New) A method of providing assurance to one of a number of first party entities 
that one of a number of second party entities to which said one first party entity contemplates the 
disclosure of certain confidential information, has adopted, implemented and observed certain 
security measures with respect tot the handling of confidential information, comprising: 

arranging with at least one of said second party entities to acquire therefrom, compile and 
store in a database, by a third party entity, verification regarding the adoption, implementation 
and observation of security measures in the handling of confidential information of at least one 
of said first party entities; 

arranging with at least one of said first party entities, a subscription service providing 
said one first party entity with assurance of the adoption, implementation and observance of the 
security measures of said one second party entity, by said third party, upon request of said one 
first party entity; and 

providing the requested assurances by said third party entity to said one first party entity 
in response to said request. 
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